
I’m using GKE for deployments.

Edit: I need to access a customer’s API endpoint which is only accessible when using their VPN. So far I can run a container which connects to this VPN and I can cURL the endpoint successfully.

For the above, I have configured a Debian docker image which successfully connects to a VPN (specifically, using Kerio Control VPN) when deployed. Whenever I make a net request from this container, it runs through the VPN connection, as expected.

I have another image which runs a .NET Core program which makes necessary HTTP requests.

From this guide I know it is possible to run a container’s traffic through another using pure docker. Specifically using the --net=container:something option (trimmed the example):

docker run \
  --name=jackett \
  --net=container:vpncontainer \
  linuxserver/jackett

However, I have to use Kubernetes for this deployment so I think it would be good to use a 2-container pod. I want to keep the VPN connection logic and the program separated.

How can I achieve this?

3 Answers


  1. Each container in a pod shares the pod's network resources. If you run the VPN client in one container, then all containers in this pod will have access to the network via the VPN.

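The Kubernetes equivalent of the `--net=container:vpncontainer` trick from the question is simply placing both containers in one pod, as this answer says. The manifest below is an added example, not code from the thread; the image names, the Secret name and the health URL are placeholders, and the Kerio Control client invocation itself stays inside the asker's existing Debian image. The VPN container is given only the `NET_ADMIN` capability and a `/dev/net/tun` mount, which is what a tunnel client needs to create its interface and install routes; the application container has no network settings at all.

```yaml
# Added example (not from the thread): one pod, two containers, one shared
# network namespace. Image names, Secret name and health URL are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: vpn-routed-client
spec:
  # Every container in this pod shares the same network namespace, so the tun
  # interface and routes created by "vpn" are used by "app" as well.
  containers:
    - name: vpn
      image: example.invalid/debian-kerio-vpn:latest   # placeholder image
      securityContext:
        # A tunnel client needs NET_ADMIN to create the tun device and change
        # routes. Drop everything else; add back only what the client proves
        # it needs.
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
          add: ["NET_ADMIN"]
      env:
        - name: VPN_PASSWORD
          valueFrom:
            secretKeyRef:                 # keep credentials out of the image
              name: kerio-vpn-credentials # assumed Secret name
              key: password
      volumeMounts:
        - name: dev-net-tun
          mountPath: /dev/net/tun
      # Report ready only once traffic really leaves through the tunnel:
      # the customer endpoint is reachable solely via the VPN, so this curl
      # failing means the tunnel is not up. URL is a placeholder.
      readinessProbe:
        exec:
          command:
            - sh
            - -c
            - curl -sf --max-time 5 https://customer-api.example.invalid/health
        initialDelaySeconds: 5
        periodSeconds: 10
    - name: app
      image: example.invalid/dotnet-api-client:latest   # placeholder image
      # No network configuration: being in the same pod is the Kubernetes
      # counterpart of docker's --net=container:vpncontainer.
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
  volumes:
    - name: dev-net-tun
      hostPath:
        path: /dev/net/tun
        type: CharDevice
```

To confirm the routing from the application side, exec into the `app` container (`kubectl exec vpn-routed-client -c app -- curl -sv https://customer-api.example.invalid/health`, URL again a placeholder) and check that the request succeeds only while the `vpn` container is ready. Two caveats follow from the shared namespace: the two containers start concurrently, so the .NET program should retry until the tunnel exists (on Kubernetes 1.29 and later the VPN container can instead be declared as a sidecar, an `initContainers` entry with `restartPolicy: Always`, so it comes up first), and any route the VPN client pushes applies to the whole pod, cluster-internal traffic and DNS included, which is worth checking if a full-tunnel client is in use.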
  2. Based on your comment I think I can advise you two methods.

    1. Private GKE cluster with Cloud NAT

    In this setup, you should use a private GKE cluster with Cloud NAT for external communication. You would need to use a manual external IP.
    This scenario uses a specific external IP for the VPN connection, but it requires your customer to whitelist access for this IP.

    2. Site-to-site VPN using Cloud VPN

    You can configure your VPN to forward packets to your cluster. For details you should check other Stack Overflow threads:

  3. I’m using a similar approach. I have a Django app whose static files need to be served by nginx. I want the app to be accessible through a VPN, for which I’m using OpenVPN.
    Both the nginx container and the Django container are in the same pod. My limited understanding is that it would be enough to run the VPN in the background in the nginx container, and it should successfully route requests to the backend using localhost because they’re in the same pod.
    But this doesn’t seem to be working. I get a 504 Time-Out in the browser, and the nginx logs confirm that the upstream timed out. Have you done anything extra to make this work in your case?
